By Jane Devry
Since 2019, National Insider Threat Awareness Month (NITAM) has been observed each September to address risks that emerge from inside organizations. Coordinated by the Under Secretary of Defense for Intelligence & Security, the National Insider Threat Task Force, and the Defense Counterintelligence and Security Agency, the initiative has expanded into a global effort across 25 countries. The campaign emphasizes education, reporting, and the creation of insider threat programs that adapt to changing conditions.
The need for attention is reflected in recent data. According to Deepstrike, the average annual cost of insider incidents reached $17.4 million per organization in 2025. Containment takes an average of 81 days, and negligent insiders remain the most frequent cause, though credential misuse produces the highest costs. Eighty-three percent of organizations reported at least one insider incident in the past year, showing that the issue is widespread and persistent.
Richard Bird, Chief Security Officer at Singulr AI, warns that many risks stem from well-intentioned behavior. Employees adopt unsanctioned applications or bypass policies in pursuit of efficiency, creating blind spots for security teams. A University of Maryland, Baltimore County study showed that higher education institutions struggle with the same challenge, as faculty and students frequently use unapproved cloud services and communication tools. Surveys across industries report similar findings, with large percentages of employees admitting to using shadow IT. Bird argues that organizations must modernize oversight to distinguish between benign innovation and dangerous exposure.
The limits of training are another concern. Sandy Kronenberg, CEO and Founder of Netarx, cites research at the University of California, San Diego, which tested nearly 20,000 employees with simulated phishing attacks. Failure rates did not decline, regardless of when training was completed. Keepnet Labs reports similar results across industries, showing that awareness sessions often fail to reduce phishing risk. Kronenberg notes that as phishing merges with deepfakes, the stakes grow higher. Deepfake-related fraud in North America has increased more than 1,700 percent, with projected losses of $40 billion by 2027 and an average cost of $500,000 per incident.
Dr. Srinivas Mukkamala, CEO of Securin, stresses that AI-driven social engineering has made it increasingly difficult to tell authentic communication from manipulated content. Without regulation, he argues, enterprises must take the lead with responsible AI use, stronger access controls, and multi-factor authentication. Jay Bavisi, Founder and Group President of EC-Council, expands the point. He says insider risk cannot be reduced to compliance tasks and calls for continuous learning, simulations, and realistic training environments that pressure-test employees against emerging threats.
Clyde Williamson, Senior Product Security Architect at Protegrity, draws attention to the limits of perimeter defense. Once insider access is misused, firewalls and identity checks no longer protect data. He advocates for encryption, tokenization, and strict access controls that make sensitive information unusable in the wrong hands. Freddy Kuo, Chairman of Luminys and Special Office Executive Assistant at Foxlink, highlights similar risks in physical security. Video surveillance systems often store sensitive material such as employee behavior or financial information. Without encryption, permissions, and audit logs, insiders can exploit access to retrieve and misuse this data.
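The controls Williamson and Kuo describe (tokenization, permission checks, and audit logs that survive an insider with broad access) can be sketched in a few dozen lines. The following is an added illustration, not code from the article, Protegrity, or Luminys: an in-memory token vault that swaps a sensitive value for a random token, allows detokenization only for named roles, and records every request in an HMAC-chained audit log so that later edits to the log are detectable. The role names, the audit key, and the sample record are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

# Hypothetical roles allowed to recover clear-text values; the article names
# "strict access controls" without specifying a scheme.
DETOKENIZE_ROLES = {"payments_service", "fraud_analyst"}


class TokenVault:
    """Minimal tokenization vault.

    Sensitive values are replaced by random tokens; the token-to-value mapping
    lives only inside the vault, so a copied database table or exported record
    holds nothing an insider can use without also passing the role check here.
    """

    def __init__(self, audit_key: bytes):
        self._store = {}          # token -> original value (in-memory for the demo)
        self._audit_key = audit_key
        self.audit_log = []       # append-only list of audit entries

    def _audit(self, actor, role, action, token, outcome):
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "role": role, "action": action,
            "token": token, "outcome": outcome,
        }
        # Chain each entry to the previous MAC so that altering or deleting an
        # earlier entry breaks verification of everything after it.
        prev = self.audit_log[-1]["mac"] if self.audit_log else ""
        payload = prev + json.dumps(entry, sort_keys=True)
        entry["mac"] = hmac.new(self._audit_key, payload.encode(), hashlib.sha256).hexdigest()
        self.audit_log.append(entry)

    def tokenize(self, actor, role, value):
        token = "tok_" + secrets.token_hex(8)   # random, carries no information about value
        self._store[token] = value
        self._audit(actor, role, "tokenize", token, "ok")
        return token

    def detokenize(self, actor, role, token):
        if role not in DETOKENIZE_ROLES:
            self._audit(actor, role, "detokenize", token, "denied")
            raise PermissionError(f"{actor} ({role}) may not detokenize")
        value = self._store.get(token)
        self._audit(actor, role, "detokenize", token, "ok" if value is not None else "unknown_token")
        if value is None:
            raise KeyError(token)
        return value

    def verify_audit_chain(self):
        """Recompute the MAC chain; returns False if any entry was altered."""
        prev = ""
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "mac"}
            payload = prev + json.dumps(body, sort_keys=True)
            expected = hmac.new(self._audit_key, payload.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["mac"]):
                return False
            prev = entry["mac"]
        return True


def demo():
    """Constructed scenario: an HR application stores a tokenized identifier,
    a help-desk contractor with database access tries to recover it and is
    refused, and an authorised service recovers it. Returns the token, the
    recovered value, and the vault for inspection."""
    vault = TokenVault(audit_key=b"constructed-demo-audit-key")
    token = vault.tokenize("hr_app", "hr_service", "123-45-6789")  # constructed sample value
    try:
        vault.detokenize("contractor42", "helpdesk", token)
    except PermissionError:
        pass  # denied attempt is still written to the audit log
    clear = vault.detokenize("payments", "payments_service", token)
    return token, clear, vault


if __name__ == "__main__":
    tok, clear, vault = demo()
    print(tok, clear, [e["outcome"] for e in vault.audit_log], vault.verify_audit_chain())
```

The denied request is the interesting line in the log: a reviewer can see who asked for what, and because the entries are chained, an insider who can also edit the log cannot quietly remove that line without `verify_audit_chain()` failing.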
Josh Jacobson, Director of Professional Services at HackerOne, argues that culture is the fastest path to resilience. Employees, contractors, and security researchers need clear disclosure paths to report mistakes or vulnerabilities early. Continuous testing and transparent remediation turn incidents into lessons rather than liabilities. This reflects a shift from static awareness toward everyday security practices embedded into operations.
Sachin Jade, Chief Product Officer at Cyware, notes that detection is often hindered by information overload. Security teams face a flood of alerts but lack the workflows to separate anomalies from routine activity. Insider threats can blend seamlessly with legitimate operations, making them especially hard to identify. Jade argues for collective defense, where human analysts and AI systems collaborate to surface relevant patterns more effectively. Kronenberg adds that detection must connect signals across email, voice, video, and metadata, rather than treating each channel in isolation.
National Insider Threat Awareness Month in 2025 underscores the growing complexity of insider risk. Employees who bypass controls, phishing attacks powered by AI, fraudulent deepfakes, and misuse of physical surveillance all represent avenues for damage. The perspectives of industry leaders converge on a shared point: isolated tools and outdated approaches are insufficient. Enterprises need visibility across digital ecosystems, stronger data protections, resilient cultures, and coordinated intelligence. Insider threats may take many forms, but they all demand a shift from fragmented defenses to strategies that integrate people, process, and technology at every level.
To read the original article, go to: https://www.cybersecurity-insiders.com/this-insider-threat-awareness-month-its-time-to-confront-the-expanding-risk-within/